<?php
session_start();
// Connect to the DB.
$_SESSION["errmsg"] = '';
require_once '../include/config.lib.php';
require_once '../include/database.lib.php';

//$_POST = Array ( [accountNo] => [password] => [confrimpassword] => [name] => [email] => [affiliation] => [description] => [button] => Register ) 

if(!preg_match("/^[a-zA-Z0-9_-]{3,15}$/", $_POST["accountNo"]))//check user name format
{
	$_SESSION["errmsg"] = 'User name should only contain letters, digits, "-" and "_"';
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
}
else if($_POST["password"] != $_POST["confrimpassword"])//check whether password match
{
	$_SESSION["errmsg"] = 'Passwords don\'t match!';
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
}
else if(!preg_match("/[a-zA-Z0-9]{4,16}/", $_POST["password"]))//check password format
{
	$_SESSION["errmsg"] = 'Password should be string with 4-16 letters or digits!';
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
}

else if(!preg_match("/^([a-zA-Z\']+(?:\.)?(?: [a-zA-Z]+(?:\.)?)*)$/", $_POST["name"]))//check name format 
{
	$_SESSION["errmsg"] = 'Sample name format: "John Smith".';
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
}

else if(!preg_match("/^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9_][-a-z0-9_]*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?$/i", $_POST["email"]))
{//check email format
	$_SESSION["errmsg"] = 'Wrong email format!';
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
}
/*
else if()
{
	
}
*/
else 
{
	ConnectToDB();
	//insert into database
	$checkduplicate = DBExecute("SELECT USERNAME FROM DB2INST1.person WHERE USERNAME='".$_POST["accountNo"]."' OR EMAIL='".$_POST["email"]."'");
	if($checkduplicate->fetchAssocRow() != null)//evaluate whether there's the same username/email in the database
	{
		$_SESSION["errmsg"] = 'Same user name or email already exist!';
		echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../register.php\"></HTML>";//redirect to the register page
	}
	
	else
	{
		//replace " and ' in the data user submit
//		$replacefrom = array("'", "\"");
		$_POST["name"] = str_replace('\'', "`", $_POST["name"]);
		$_POST["affiliation"] = str_replace('\'', "`", $_POST["affiliation"]);
		$_POST["affiliation"] = str_replace('"', "`", $_POST["affiliation"]);
		$_POST["description"] = str_replace('"', "`", $_POST["description"]);
		
		
		$password = strtoupper(SHA1($_POST["password"]));
		$insert = DBExecute("INSERT INTO DB2INST1.person (USERNAME, NAME, EMAIL, AFFILIATION, PASSWORD, DESCRIPTION) 
							   VALUES('".$_POST["accountNo"]."', '".$_POST["name"]."', '".$_POST["email"]."', '".$_POST["affiliation"]."', '".$password."', '".$_POST["description"]."')");
				
		//redirect to person's own page.
		$selectid = DBExecute("SELECT id FROM person WHERE username = '".$_POST["accountNo"]."'");
				
		$_SESSION["accountNo"] = $_POST["accountNo"];
		$id = $selectid->fetchAssocRow();//find the person's id to redirect to the person's own page
		
		/////conference, everyone who registers from here is an author:
		DBExecute("INSERT INTO DB2INST1.peopleroles (personid,role) 
							   VALUES(".$id["ID"].", 'author')");
		////
		
		
		$url = "../person_view.php?id=".$id["ID"];
		echo "<HTML><META http-equiv=\"refresh\" content=\"0; url='".$url."'\"></HTML>";//redirect to the person's profile page
	
	}
}
?>